Backdrop CMS Security Vulnerabilities

CVE-2018-1000813

Backdrop CMS version 1.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in the sanitization of custom class names used on blocks and layouts that can result in execution of JavaScript from an unexpected source. This attack appears to be exploitable via the following: a user must be directed to an...

CVSS: 4.8, AI Score: 5, EPSS: 0.001

2022-10-03 04:22 PM

CVE-2019-14771

Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the upload of entire-site configuration archives through the user interface or command line. It does not sufficiently check uploaded archives for invalid data, potentially allowing non-configuration scripts to be uploaded to the serv...

CVSS: 9.8, AI Score: 9.5, EPSS: 0.005

2019-08-08 02:15 AM

CVE-2019-19900

An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It doesn't sufficiently filter output when displaying content type names in the content creation interface. An attacker could potentially craft a specialized content type name, then have an editor execute scripti...

CVSS: 4.8, AI Score: 5, EPSS: 0.001

2019-12-19 06:15 AM

CVE-2019-19901

An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It doesn't sufficiently filter output when displaying certain block descriptions created by administrators. An attacker could potentially craft a specialized description, then have an administrator execute script...

CVSS: 4.8, AI Score: 4.8, EPSS: 0.001

2019-12-19 06:15 AM

CVE-2019-19902

An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It allows the upload of entire-site configuration archives through the user interface or command line. It does not sufficiently check uploaded archives for invalid data, allowing non-configuration scripts to pote...

CVSS: 7.2, AI Score: 7, EPSS: 0.001

2019-12-19 06:15 AM

CVE-2019-19903

An issue was discovered in Backdrop CMS 1.14.x before 1.14.2. It doesn't sufficiently filter output when displaying file type descriptions created by administrators. An attacker could potentially craft a specialized description, then have an administrator execute scripting when viewing the list of ...

CVSS: 4.8, AI Score: 5, EPSS: 0.001

2019-12-19 06:15 AM

CVE-2022-34530

An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames.

CVSS: 5.3, AI Score: 5.4, EPSS: 0.001

2022-08-01 08:15 PM

CVE-2022-42092

Backdrop CMS 1.22.0 has an Unrestricted File Upload vulnerability via 'themes' that allows attackers to achieve Remote Code Execution. Note: Third parties dispute this and argue that advanced permissions are required.

CVSS: 7.2, AI Score: 7.1, EPSS: 0.081

2022-10-07 06:15 PM

CVE-2022-42095

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content.

CVSS: 4.8, AI Score: 4.8, EPSS: 0.005

2022-11-23 02:15 AM

CVE-2022-42096

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content.

CVSS: 4.8, AI Score: 4.8, EPSS: 0.008

2022-11-21 09:15 PM